THE LINUX FOUNDATION PROJECTS
search
All Posts By

Shane Coughlan

Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source. Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.

Nov 28

A Message from the Governing Board of the OpenChain Project

By Featured, News

A message from the Governing Board of the OpenChain Project:

We wanted to let you know that there will be a rotation in the administrative leadership of the OpenChain Project in Mid-December 2025. Shane Coughlan, our General Manager over the last eight years, will be transitioning to work on a personal venture, and we will shortly be announcing a new executive leader in the same role. In the meantime, the Governing Board, The Linux Foundation project management office, the Work Group Chairs and the Ambassadors will collaborate as usual to continue our normal meetings, releases and community building.

The Governing Board would like to express their gratitude to Shane for all the work he has put into the project over the years, constantly going above and beyond. Shane’s work with the OpenChain Project is nothing short of spectacular, he has been a community builder, role model, and friend to the OpenChain community and he will be missed. The board want to wish him the best of luck in his new endeavors and for him to know that he will forever remain part of the OpenChain family he helped create.

“I have been honored to work on this project, with this board and with everyone in our exceptional community over the last eight and a half years,” says Shane Coughlan, OpenChain General Manager. “After such a long period, and enjoying so much collective success, it is a difficult decision to move on to a new venture. However, there is a personal project that I want to attend to, and the passage of time has suggested to me that it is appropriate to begin work on that activity. I will speak more to this in early 2026, but for now my focus is on finalizing the transition of the administrative leadership of the OpenChain Project. We have extensive internal process material and a purposefully distributed management system to aide in sustainability and such transitions, and I am fully confident in the health and continued momentum of the project and our activities.

In closing, I want to take a moment to thank everyone who has made this journey possible for me. While there are too many people to name individually – such is the scale of our community and accomplishment – I would like to give special thanks to David Marr of Qualcomm for leading the foundation of the OpenChain Project, to Jimmy Ahlberg of Ericsson for leading us through the evolution into a multi-ISO standard project, to Watanabe San, Kobota San, Owada San and Fukuchi San for being instrumental in the development of our work in Japan, to Haksung Jang for leading our work in Korea to such success, to Zhenhua Sun in China for his leadership and driving frequent local meetings, to Oliver Fendt and Marcel Kurzmann in Germany for endlessly encouraging and supporting one of the exceptional local communities in the domain of processes and automation, and finally to the dearly departed Ueda San for providing inspiration in community building that has always helped guide and ensure the success of what we do.

And finally my thanks to you all, who have attended calls, come to meetings and read (and reshared) our news across the world. You made this community, and you made this success. I am grateful to call you my colleagues in open source.”

An administrative note: For those of you interested in learning more about this transition for 2026 – and about the executive leadership role – you can contact Renu from the Project Management office at helpdesk@lists.openchainproject.org

Nov 28

Webinar – OIN: A Conversation About the Journey So Far and Preview of OIN 2.0

By community, legal, News, Webinar

OpenChain hosted an open discussion between Keith Bergelt, CEO of OIN and Shane Coughlan, GM of OpenChain to unpack the evolution of patent non-aggression in the open source ecosystem, and explore what is coming next for existing and potential new licensees of the OIN System Definition.

This is a key webinar for those interested in addressing patent risk and containment strategy, and is recommended for legal, project management and executive teams.

Watch the Webinar:

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars:

This OpenChain Webinar was broadcast on 2025-11-27.

Nov 28

Sun Square Becomes an Official OpenChain Partner

By News

Taipei, Taiwan — Sun Square has been officially recognized as both an OpenChain Service Provider and a Third-Party Certifier. This dual status enables the company to support global organizations in adopting ISO/IEC 5230 and ISO/IEC 18974, improving open source governance and software supply chain security.

This dual recognition enables Sun Square to support organizations adopting ISO/IEC 5230 (Open Source License Compliance) and ISO/IEC 18974 (Open Source Security Assurance), helping them build transparent and secure software-supply-chain governance.

The OpenChain Project, led by the Linux Foundation, establishes global standards for open source software supply chains. Its core specification, ISO/IEC 5230, defines best practices for license compliance, while ISO/IEC 18974 extends those principles to vulnerability management and security control.

As both a Service Provider and a Third-Party Certifier, Sun Square bridges advisory guidance with independent assessment. This combined capability allows enterprises to develop robust processes and obtain formal certification demonstrating their commitment to international standards.

“Becoming an OpenChain Partner reflects Sun Square’s long-term commitment to open collaboration and secure software supply chains,” said SZ Lin (林上智), Chief Cybersecurity Advisor at Sun Square. “By combining our OT cybersecurity and open source compliance expertise with OpenChain’s global framework, we aim to enable organizations to strengthen governance and resilience throughout the software lifecycle.”

Sun Square offers integrated services that include OT cybersecurity training and advisory based on the ISA/IEC 62443 standard, open source compliance and security governance for ISO/IEC 5230 and 18974 implementation, and software lifecycle security management covering SBOM development and vulnerability remediation.

By combining international standards with local implementation expertise, Sun Square continues to promote trusted and sustainable open source and cybersecurity practices in Taiwan and across the Asia-Pacific region.

About Sun Square

Sun Square Co., Ltd., headquartered in Taiwan and serving clients worldwide, provides cybersecurity and open source advisory services that help organizations align with international standards and regulations. The company specializes in OT security training, open source compliance, and software supply chain assurance, delivering consulting, training, and certification support aligned with ISO/IEC 5230, ISO/IEC 18974, and other global standards.

Learn more: https://sunsquare.tech

About the OpenChain Project:

The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.

About The Linux Foundation:

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

Check Out The Publicly Announced Community of Conformance:

Nov 27

RECORDING: OpenChain SBOM Work Group – Monthly Meeting – 2025-11-26

By News

As always, we focused on the question of “how do we use SBOMs in production, large-scale and complex supply chains?”

This Meeting Featured:

  1. A special presentation from Thomas Graf of Siemens on the practical implementation and use of the Siemens SBOM.
  2. Open Q&A session
  3. And some updates from the Chair

Watch the Meeting:

Learn More About This Study Group:

Our SBOM Study Group brings all our various SBOM-related activities together and helps answer the question of “how do we use SBOMs in production, large-scale and complex supply chains?” Our original kick-off call has all the details.

Get Involved:

Everyone is welcome to be part of this study group! OpenChain has free, open access to all its work groups and study groups. Just turn up, and listen in, and contribute comments, ideas and suggestions.

✉️ We have a dedicated mailing list: https://lists.openchainproject.org/g/sbom

💻 We have a dedicated GitHub Repo: https://github.com/OpenChain-Project/SBOM-sg

Attend Future Meetings:

You can find and get the dial-in details for all future meetings from our participate page here: https://www.openchainproject.org/participate

Nov 27

RECORDING: OpenChain Monthly Specification and Education Call (Europe – Asia) – 2025-11-19

By News

We Discussed:

Lead by Martin Yagi (Chair Education Work Group), the call covered the following agenda:

  • OpenChain Project News
  • Specification Work Group – Updates to the standard(s) and regulatory adherence
  • Education Work Group – Updates to training material
  • Any Other Business?

A reminder for those in North America – while this edition of the monthly call is happening in the darkest hours of the night for you, we also have a monthly North America / Europe call that works better for those in the Americas. Check out the schedule for this and all our other meetings here:
https://openchainproject.org/participate

Watch the Recording:

Coming Next:

  • A ton of work pending on education, and a survey to be released for the spec. Expect a strong focus on looking at what we have accomplished, looking at feedback, and making it better.

Join Our Work:

Everyone is welcome to be part of the Specification Work Group. You can join their mailing list here:
https://lists.openchainproject.org/g/specification/

You can find and be part of all OpenChain calls through our participation page here:
https://openchainproject.org/participate

Nov 27

RECORDING: OpenChain Monthly Specification and Education Call (North America – Europe) – 2025-11-13

By News

We Discussed:

Lead by Chris Wood (Chair, Specification Work Group) and Martin Yagi (Chair Education Work Group), the call covered the following agenda:

  • OpenChain Project News
  • Specification Work Group – Updates to the standard(s) and regulatory adherence
  • Education Work Group – Updates to training material
  • Any Other Business?

A reminder for those in Asia – while this edition of the monthly call is happening in the darkest hours of the night (01:30 in Japan!), we also have a monthly Europe / Asia call that works better for those in Eastern time zones. Check out the schedule for this and all our other meetings here:
https://openchainproject.org/participate

Watch the Recording:

Coming Next:

  • A ton of work pending on education, and a survey to be released for the spec. Expect a strong focus on looking at what we have accomplished, looking at feedback, and making it better.

Join Our Work:

Everyone is welcome to be part of the Specification Work Group. You can join their mailing list here:
https://lists.openchainproject.org/g/specification/

You can find and be part of all OpenChain calls through our participation page here:
https://openchainproject.org/participate

Nov 18

COMING SOON: OpenChain Webinar – OIN: A Conversation About the Journey So Far and Preview of OIN 2.0 – 2025-11-25 @ 16:00 PST – 2025-11-26 @ 08:00 CST / 09:00 KST+JST

By News

OpenChain will host a special webinar on 2025-11-25 @ 16:00 PST – 2025-11-26 @ 08:00 CST / 09:00 KST+JST entitled “OIN: A Conversation About the Journey So Far and Preview of OIN 2.0.”

Featuring an open discussion between Keith Bergelt, CEO of OIN and Shane Coughlan, GM of OpenChain, we will unpack the evolution of patent non-aggression in the open source ecosystem, and explore what is coming next for existing and potential new licensees of the OIN System Definition.

This will be a key discussion for those interested in addressing patent risk and containment strategy, and is recommended for legal, project management and executive teams.

Join here @ 16:00 PST – 2025-11-26 @ 08:00 CST / 09:00 KST+JST:
https://zoom-lfx.platform.linuxfoundation.org/meeting/93064800269?password=7e728b97-7be0-488f-8a89-e12d7f864eea

Nov 18

OpenChain @ Deloitte Global IT Asset Management (ITAM) Survey 2025

By News

The industry has spoken, and there are some concerns about governance we need to address.

The Deloitte Global IT Asset Management (ITAM) Survey 2025 uncovered this important insight: “preparedness around open-source software remains a blind spot. Only 17% of respondents have a dedicated Open-Source Program Office (OSPO) or equivalent framework. Just 7% align this function to recognised standards such as ISO/IEC 5230 and 18974, while the remaining 10% operate without reference to any formal framework.”

See page 15 and 16:
https://hubs.la/Q03TS8PJ0

Clearly, while we have collectively made significant progress around building a more trusted supply chain, there is a long distance to go.

You can be part of the solution by contributing to the OpenChain community as we address process management for open source license compliance, security assurance, SBOM quality and – most recently – AI system bill of material compliance. Learn more here:
https://hubs.la/Q03TS8hm0

Nov 13

OpenChain Newsletter #83

By Monthly Newsletter, News

Newsletter – Issue 83 – October 2025

The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.

Headline News

Conformance Announcements

Two more companies have announced conformance with OpenChain ISO/IEC 5230, strengthening their software supply chain management:

Recorded Meetings

Several working group and specification calls were recorded. You can watch these to catch up on detailed discussions across various compliance topics.

OpenChain @ Events

OpenChain continues to have a strong presence at global events, discussing compliance, data protection, and open source management.

New Partner Announcements

The OpenChain ecosystem continues to grow with new partners.

Get Involved

  • Potential Action: The numerous recorded meetings from the AI, SBOM, and Telco work groups highlight the ongoing discussions in the community. You can join these future meetings to stay current and contribute.
  • To participate in the working groups, join mailing lists, and attend calls, visit: https://openchainproject.org/participate

Note: This newsletter usually only contains primary meetings. Some community meetings are not recorded or are released through other channels.

Read Previous Newsletters:

AI Usage:

This newsletter is created by using a template, curating links from a month of OpenChain news posted on the blog and using these prompts on Google Gemini to fill out the central news:

  • “Summarize the following newsletter for folks interested in the open source compliance to learn the latest changes in the space and find possible items that can act on. Include the links in this newsletter. Add notes on potential further actions by readers, particularly around attending future meetings. Direct people to this link to participate further: https://openchainproject.org/participate”

The newsletter is then subject to an edit cycle. If you spot any errors we missed, please contact us.

Nov 13

Public Comment Period – Cross-Industry SBOM Quality Guide – Ends 30th January 2026

By unlisted

Happening Now:

We are announcing a public comment period for the Cross-Industry Guide to SBOM Quality that has been developed by the OpenChain SBOM Work Group.

Why This Is Happening:

The OpenChain Project has a formal process for public comment periods related to important releases like the Cross-Industry SBOM Quality Guide. These public comment periods signify that we have completed work on a topic, and now want to ensure people outside of the OpenChain Project and its work groups can provide additional input as needed. After the public comment period, we formally release the relevant document.

You can read the full process (and our other processes) here: https://openchainproject.org/processes#process-public-comments

How This Works:

We are accepting comments via our SBOM Work Group mailing list and through our monthly calls. The recommended way of providing feedback is via the mailing list.

You can find the URL for the mailing list here: https://lists.openchainproject.org/g/sbom

You can find our SBOM Work Group calls (and all other OpenChain calls) list here: https://openchainproject.org/participate